Re: Deploying UAA for external users #uaa #cf

Jonathan Matthews <contact+cfdev@...>

On Tue, 21 Jul 2020 at 14:07, Shetty, Viraj S [CTR] via <> wrote:
Thanks Enrique. We are deploying UAA in for our agency and it will be used by applications deployed in for our agency. I can add an nginx proxy in front but I think I should be able to filter IP addresses with Spring or in the web.xml

Just in case this is useful to you, I suggest taking a look at the CF (hence probably also feature called “Route Services”. 

Using this platform feature would allow you to deploy a vanilla UAA and decouple it (as an app) from its layer 4 / layer 7 protection.

Nginx can be used as a WAF in that topology, as can HAProxy or anything else reverse-proxy-ish.

Personally, I’d choose that over relying on a block-/allow-list feature in the UAA itself, where you’d be dependent both on the feature’s presence and its correctness with no regressions over time.

My 2¢ :-)

Jonathan Matthews
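
An added example, not part of the original message or any project's code: a minimal Go route service that applies an IP allow-list in front of an unmodified UAA and forwards permitted requests to the URL the CF router supplies in `X-CF-Forwarded-Url`. The function names, the allow-listed range, the listen port and the trusted-hop count of 1 are assumptions for illustration.

```go
package main

import (
	"net/http"
	"net/http/httputil"
	"net/netip"
	"net/url"
	"strings"
)

func prefixes(cidrs ...string) (out []netip.Prefix) {
	for _, c := range cidrs {
		out = append(out, netip.MustParsePrefix(c)) // panics at startup if malformed
	}
	return out
}

// decide returns the URL to forward to, or a non-zero HTTP status to reject with.
// hops = trusted proxies that appended to X-Forwarded-For after the client (assumed).
func decide(fwdURL, xff string, nets []netip.Prefix, hops int) (*url.URL, int) {
	u, err := url.Parse(fwdURL)
	if err != nil || u.Host == "" {
		return nil, http.StatusBadRequest
	}
	parts := strings.Split(xff, ",")
	if i := len(parts) - 1 - hops; i >= 0 { // entries further left are client-supplied
		ip, err := netip.ParseAddr(strings.TrimSpace(parts[i]))
		for _, p := range nets {
			if err == nil && p.Contains(ip) {
				return u, 0
			}
		}
	}
	return nil, http.StatusForbidden
}

func main() {
	nets := prefixes("203.0.113.0/24") // constructed example range
	proxy := &httputil.ReverseProxy{Director: func(*http.Request) {}}
	h := func(w http.ResponseWriter, r *http.Request) {
		u, code := decide(r.Header.Get("X-CF-Forwarded-Url"), r.Header.Get("X-Forwarded-For"), nets, 1)
		if code != 0 {
			http.Error(w, http.StatusText(code), code)
			return
		}
		r.URL, r.Host = u, u.Host // X-CF-Proxy-* headers pass through untouched
		proxy.ServeHTTP(w, r)
	}
	panic(http.ListenAndServe(":8080", http.HandlerFunc(h)))
}
```

The hop count has to match the real proxy chain in the deployment; the leftmost `X-Forwarded-For` entries are whatever the caller sent and are ignored here for that reason.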
